Active Directory: Auto assign User to Proxmox Group

Sep 12, 2023
Hi guys,

I have set up Active Directory as a realm. I work with users and group filters. Both work perfectly. However, the users are not added to the corresponding selected group.

Therefore the question to the group: what needs to be configured in the realm?

Example: User1 is in group PRX_ADMIN.
Both are found and created using the filters (user, group). However, User1 is not assigned to the PRX_ADMIN group in Proxmox.

And now? What else needs to be configured?

Best regards
 
Here are a few facts:

User Filter:
(&(objectClass=user)(samaccountname=*)(|(memberOf:1.2.840.113556.1.4.1941:=CN=PRX_Admin,OU=Group,DC=toll,DC=local)(memberOf:1.2.840.113556.1.4.1941:=CN=PRX_VM_Admin,OU=Group,DC=toll,DC=local)(memberOf:1.2.840.113556.1.4.1941:=CN=PRX_VM_User,OU=Group,DC=toll,DC=local)))

Group Filter:
(&(objectClass=group)(cn=Prx_*))
 
If I remember correctly, that doesn't work. I created my own script that does the job.
 
I wrote a Python script doing the job quite well. It works as a cron job as well (make sure to chmod +x it).

The script searches for the users matching the criteria configured at the end. You can run it interactively or automatically and in silent mode (see end of the script).

Maybe it helps.

Python:
#!/usr/bin/python3
import subprocess
import json

# Modify this path to the full path of your pveum executable
PVEUM_PATH = "/usr/sbin/pveum"

# Function to list users from Proxmox, filter, and update group membership
def list_and_update_users(group_name, realm_type, domain, ask_confirmation=True, silent=False):
    # Command to list all users from Proxmox VE in JSON format.
    # Passed as an argument list (no shell), so names are never parsed by a shell.
    list_users_command = [PVEUM_PATH, "user", "list", "--full", "--output-format", "json"]

    # Execute the command and capture the output
    result = subprocess.run(list_users_command, capture_output=True, text=True)
    if result.returncode != 0:
        if not silent:
            print(f"Error listing users: {result.stderr}")
        return

    # Load JSON data from the command output
    users_data = json.loads(result.stdout)

    # Filter users based on the criteria.
    # 'groups' is split on commas so the group name is compared exactly,
    # not as a substring of another group's name.
    users_to_add = [
        user['userid'] for user in users_data
        if user.get('realm-type') == realm_type and
           group_name not in user.get('groups', '').split(',') and
           user['userid'].endswith(domain)
    ]

    # Check if the filtered list is empty
    if not users_to_add:
        if not silent:
            print("No users found meeting the search criteria.")
        return

    # Display users to be added unless silent
    if not silent:
        print("\nUsers to be added to group '{}':".format(group_name))
        print(users_to_add)

    # Check if confirmation is needed
    if ask_confirmation and not silent:
        response = input("Do you want to add these users to the group '{}'? (y/n): ".format(group_name))
        if response.lower() != 'y':
            print("No changes made.")
            return

    # Proceed to add users to the group.
    # Note: without --append, pveum replaces the user's existing group list with this one.
    for user in users_to_add:
        add_user_command = [PVEUM_PATH, "usermod", user, "-group", group_name]
        add_result = subprocess.run(add_user_command, capture_output=True, text=True)
        if add_result.returncode != 0 and not silent:
            print(f"Failed to add {user} to group '{group_name}': {add_result.stderr}")

    if not silent:
        print("Operation completed.")

# params
group_name = "ProxmoxGroup" #this is the proxmox group you want to add the users to
realm_type = "ad"
domain = "@domain" #this is the part after the username for the realm, e.g. user@realm

# For interactive use
list_and_update_users(group_name, realm_type, domain, ask_confirmation=True, silent=False)
# For cron job or automated script
# list_and_update_users(group_name, realm_type, domain, ask_confirmation=False, silent=True)
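
An added example, not part of the posts above and not Proxmox code: a planner that reconciles the three groups from the question in both directions, so a user dropped from an AD group also loses the matching Proxmox group, while groups outside the managed set are left alone. It goes beyond the script above by handling removals. The realm name `toll`, the `auditors` group, the `ad_members` input shape and the userid allow-list are assumptions, and the sample data is constructed.

```python
import json
import re

PVEUM_PATH = "/usr/sbin/pveum"
# Only these Proxmox groups are managed from AD (names taken from the question's user filter).
MANAGED_GROUPS = {"PRX_Admin", "PRX_VM_Admin", "PRX_VM_User"}
# Conservative allow-list for userids handed to pveum (an assumption, not Proxmox's own rule).
USERID_RE = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9._-]+$")

def plan_group_sync(pve_users_json, ad_members, realm):
    """Return {userid: argv} for users whose managed groups differ from AD.

    pve_users_json: output of `pveum user list --full --output-format json`
    ad_members: {group name: set of lowercase account names}, e.g. from an LDAP query
    """
    plan = {}
    for user in json.loads(pve_users_json):
        userid = user["userid"]
        name, _, user_realm = userid.rpartition("@")
        if user_realm != realm or not USERID_RE.match(userid):
            continue  # other realms (root@pam) and odd names are never touched
        # Exact group names; a substring test mis-matches overlapping names.
        current = {g for g in user.get("groups", "").split(",") if g}
        desired = {g for g in MANAGED_GROUPS if name.lower() in ad_members.get(g, set())}
        # Keep unmanaged groups, replace the managed ones with what AD says.
        target = (current - MANAGED_GROUPS) | desired
        if target != current:
            # Argument list, no shell. An empty string is assumed to clear the group list.
            plan[userid] = [PVEUM_PATH, "user", "modify", userid,
                            "--groups", ",".join(sorted(target))]
    return plan

# Constructed sample data, not output from a real system.
SAMPLE_PVE = json.dumps([
    {"userid": "user1@toll", "realm-type": "ad", "groups": ""},
    {"userid": "user2@toll", "realm-type": "ad", "groups": "PRX_VM_Admin,auditors"},
    {"userid": "user3@toll", "realm-type": "ad", "groups": "PRX_Admin"},
    {"userid": "root@pam", "realm-type": "pam", "groups": ""},
])
SAMPLE_AD = {"PRX_Admin": {"user1"}, "PRX_VM_User": {"user2"}}

if __name__ == "__main__":
    for userid, argv in plan_group_sync(SAMPLE_PVE, SAMPLE_AD, "toll").items():
        print(userid, argv)  # dry run: review before passing argv to subprocess.run
```

The planner only returns argument lists, so a cron job can log the planned changes and apply them in a separate step.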
 